LISTING OF CLAIMS



1. (Currently amended) A method for providing shared secret keys for communicating through a secure channel between members of a dynamically changing multicast group connected over an insecure network, the method comprising the computer-implemented steps of:
  computing a first shared secret key for establishing a first multicast group that includes a set of one or more first members;
  generating a first multicast group exchange key based on the first shared secret key;
  receiving a first user exchange key from a first user requesting entry into the first multicast group;
  computing a second secret key k1 based on the first user exchange key and the first shared secret key according to the relation $k1 = ({Y'}^{k} \bmod (n))$, wherein Y' represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k;
  sending the first multicast group exchange key to the first user, wherein the first multicast group exchange key allows the first user to generate the second shared secret key; and
  establishing a second multicast group whose members include the first user and the set of one or more first members of the first multicast group, wherein the second shared secret key provides a first secure channel for communicating between members of the second multicast group over the insecure network.

2. (Original) The method as recited in Claim 1, wherein the step of computing a first shared secret key includes the steps of:
  selecting a private non-zero random integer "x";
  selecting a public non-zero integer "g";
  selecting a public prime integer "n"; and
  computing the first shared secret key "k" according to the relation $k = (g^{x} \bmod (n))$.

3. (Original) The method as recited in Claim 2, wherein the step of generating a first multicast group exchange key includes the step computing the first multicast group exchange key K' according to the relation $K' = (g^{k} \bmod (n))$.

4. (Currently amended) The method as recited in Claim 2, wherein
  the step of receiving a first user exchange key includes the step of receiving a first user exchange key value Y' computed according to the relation $Y' = (g^{y} \bmod (n))$, wherein "y" is a private non-zero random integer selected by the first user; and
  the step of computing a second secret key includes the step computing the second secret key "k1" according to the relation $k1 = ({Y'}^{k} \bmod (n))$.

5. (Previously presented) The method as recited in Claim 2, wherein the step of sending the first multicast group exchange key to the first user further comprises the first user computing the second secret key "k1" according to the relation $k1 = ({K'}^{y} \bmod (n))$,
  wherein "y" is a private non-zero random integer selected by the first user; and
  wherein K' is the first multicast group exchange key.

6. (Original) The method as recited in Claim 1, wherein:
  the step of receiving a first user exchange key from a first user comprises the step of verifying that the first user should be allowed entry into the first multicast group; and
  providing the first user with the first multicast exchange key only after the first user is verified for entry into the first multicast group.

7. (Original) The method as recited in Claim 1, further comprising the steps of:
  generating a second multicast group exchange key based on the second shared secret key;
  receiving a second user exchange key from a second user requesting entry into the second multicast group;
  computing a third secret key based on the second user exchange key and the second shared secret key;
  sending the second multicast group exchange key to the second user, wherein the second multicast group exchange key allows the second user to generate the third shared secret key; and
  establishing a third multicast group whose members include the second user and the members of the second multicast group, wherein the third shared secret key provides a second secure channel for communicating between members of the third multicast group over the insecure network.

8. (Original) The method as recited in Claim 2, further comprising the steps of:
  determining that a first departing member has left the second multicast group;
  selecting a private multicast group non-zero random integer;
  generating a second multicast group exchange key based on the private multicast group non-zero random integer, the public non-zero integer "g" and the public prime integer "n";
  broadcasting the second multicast group exchange key to each remaining member of the second multicast group;
  in response to receiving the second multicast group exchange key, each remaining member computing a third secret key based on the second multicast group exchange key and the second shared secret key; and
  establishing a third multicast group whose members include only remaining members of the second multicast group, wherein the third shared secret key provides a second secure channel for communicating between members of the third multicast group over the insecure network.

9. (Previously presented) The method as recited in Claim 1, wherein the step of establishing a second multicast group requires a total of approximately N+1 messages for providing the first secure channel for communicating between members of the second multicast group over the insecure network, wherein N is a number of members of the first multicast group.
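
The join exchange recited in Claims 1 through 7, worked through in Python as an added example; it is not part of the application and is not the applicants' implementation. The class and function names, the demonstration prime 2^255 - 19, the generator 2, the authorization callback and the range check on received exchange keys are assumptions made for illustration.

```python
import secrets

# Assumed demonstration parameters, constructed for this example only; a
# deployment would use a vetted Diffie-Hellman group instead.
N = 2**255 - 19   # public prime integer "n"
G = 2             # public non-zero integer "g"


def private_integer(n):
    """Private non-zero random integer, drawn from [2, n-2]."""
    return secrets.randbelow(n - 3) + 2


def check_exchange_key(value, n):
    """Added hardening (an assumption, not recited in the claims): refuse
    values that would pin the derived key to 0, 1 or n-1."""
    if not isinstance(value, int) or not 2 <= value <= n - 2:
        raise ValueError("exchange key outside [2, n-2]")
    return value


class MulticastGroup:
    """The secret k held by every current member of the group."""

    def __init__(self, g=G, n=N):
        self.g, self.n = g, n
        self.k = pow(g, private_integer(n), n)    # Claim 2: k = g^x mod n
        self.members = ["founder"]

    def exchange_key(self):
        return pow(self.g, self.k, self.n)        # Claim 3: K' = g^k mod n

    def admit(self, name, user_exchange_key, is_authorized):
        """Claims 1 and 6: verify the user, rekey, return K' for the user."""
        if not is_authorized(name):
            raise PermissionError(name + " is not allowed into the group")
        y_pub = check_exchange_key(user_exchange_key, self.n)
        group_xk = self.exchange_key()            # K' is built from the old k
        self.k = pow(y_pub, self.k, self.n)       # Claim 1: k1 = Y'^k mod n
        self.members.append(name)
        return group_xk


class Joiner:
    """A user requesting entry; holds the private integer y."""

    def __init__(self, name, g=G, n=N):
        self.name, self.g, self.n = name, g, n
        self._y = private_integer(n)

    def exchange_key(self):
        return pow(self.g, self._y, self.n)       # Claim 4: Y' = g^y mod n

    def derive(self, group_exchange_key):
        k_pub = check_exchange_key(group_exchange_key, self.n)
        return pow(k_pub, self._y, self.n)        # Claim 5: k1 = K'^y mod n


def run_two_joins():
    """Two successive joins (Claim 7). Returns the key each party holds."""
    allowed = lambda name: name in {"alice", "bob"}   # constructed policy
    group = MulticastGroup()

    alice = Joiner("alice")
    k1_alice = alice.derive(group.admit("alice", alice.exchange_key(), allowed))
    k1_group = group.k

    bob = Joiner("bob")
    bob_pub = bob.exchange_key()
    k2_bob = bob.derive(group.admit("bob", bob_pub, allowed))
    # Alice is now an existing member and rekeys like any other: Y'^k1 mod n.
    k2_alice = pow(bob_pub, k1_alice, N)
    return k1_group, k1_alice, group.k, k2_bob, k2_alice


if __name__ == "__main__":
    k1_group, k1_alice, k2_group, k2_bob, k2_alice = run_two_joins()
    print("first join agrees: ", k1_group == k1_alice)
    print("second join agrees:", k2_group == k2_bob == k2_alice)
```

The value both sides arrive at is a group element; protocols normally pass such a value through a key-derivation function before using it as a cipher key.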

10. (Original) A computer-readable medium carrying one or more sequences of one or more instructions for communicating through a secure channel between members of a dynamically changing multicast group connected over an insecure network, and which instructions, when executed by one or more processors, cause the one or more processors to perform the steps of:
  computing a first shared secret key for establishing a first multicast group that includes a set of one or more first members;
  generating a first multicast group exchange key based on the first shared secret key;
  receiving a first user exchange key from a first user requesting entry into the first multicast group;
  computing a second secret key k1 based on the first user exchange key and the first shared secret key according to the relation $k1 = ({Y'}^{k} \bmod (n))$, wherein Y' represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k;
  sending the first multicast group exchange key to the first user, wherein the first multicast group exchange key allows the first user to generate the second shared secret key; and
  establishing a second multicast group whose members include the first user and the set of one or more first members of the first multicast group, wherein the second shared secret key provides a first secure channel for communicating between members of the second multicast group over the insecure network.

Docket No. 50325-0127 (2380) 


Application of Srinath GUNDAVELLI, et al., Ser. No. 09/608,831, Filed June 30, 2000
Reply to Office Action 



11. (Original) The computer-readable medium as recited in Claim 10, wherein the step of computing a first shared secret key includes the steps of:
  selecting a private non-zero random integer "x";
  selecting a public non-zero integer "g";
  selecting a public prime integer "n"; and
  computing the first shared secret key "k" according to the relation $k = (g^{x} \bmod (n))$.

12. (Original) The computer-readable medium as recited in Claim 11, wherein the step of generating a first multicast group exchange key includes the step computing the first multicast group exchange key K' according to the relation $K' = (g^{k} \bmod (n))$.

13. (Original) The computer-readable medium as recited in Claim 11, wherein
  the step of receiving a first user exchange key includes the step of receiving a first user exchange key value Y' computed according to the relation $Y' = (g^{y} \bmod (n))$, wherein "y" is a private non-zero random integer selected by the first user; and
  the step of computing a second secret key includes the step computing the second secret key "k1" according to the relation $k1 = ({Y'}^{k} \bmod (n))$.

14. (Previously presented) The computer-readable medium as recited in Claim 11, wherein the step of sending the first multicast group exchange key to the first user further comprises the first user computing the second secret key "k1" according to the relation $k1 = ({K'}^{y} \bmod (n))$,
  wherein "y" is a private non-zero random integer selected by the first user; and
  wherein K' is the first multicast group exchange key.

15. (Original) The computer-readable medium as recited in Claim 10, wherein:
  the step of receiving a first user exchange key from a first user comprises the step of verifying that the first user should be allowed entry into the first multicast group; and
  providing the first user with the first multicast exchange key only after the first user is verified for entry into the first multicast group.

16. (Original) The computer-readable medium as recited in Claim 10, further comprising instructions for performing the steps of:
  generating a second multicast group exchange key based on the second shared secret key;
  receiving a second user exchange key from a second user requesting entry into the second multicast group;
  computing a third secret key based on the second user exchange key and the second shared secret key;
  sending the second multicast group exchange key to the second user, wherein the second multicast group exchange key allows the second user to generate the third shared secret key; and
  establishing a third multicast group whose members include the second user and the members of the second multicast group, wherein the third shared secret key provides a second secure channel for communicating between members of the third multicast group over the insecure network.

17. (Original) The computer-readable medium as recited in Claim 11, further comprising instructions for performing the steps of:
  determining that a first departing member has left the second multicast group;
  selecting a private multicast group non-zero random integer;
  generating a second multicast group exchange key based on the private multicast group non-zero random integer, the public non-zero integer "g" and the public prime integer "n";
  broadcasting the second multicast group exchange key to each remaining member of the second multicast group;
  in response to receiving the second multicast group exchange key, each remaining member computing a third secret key based on the second multicast group exchange key and the second shared secret key; and
  establishing a third multicast group whose members include only remaining members of the second multicast group, wherein the third shared secret key provides a second secure channel for communicating between members of the third multicast group over the insecure network.

18. (Previously presented) The computer-readable medium as recited in Claim 10, wherein the step of establishing a second multicast group requires a total of approximately N+1 messages for providing the first secure channel for communicating between members of the second multicast group over the insecure network, wherein N is a number of members of the first multicast group.

19. (Original) A network device configured for communicating through a secure channel between members of a dynamically changing multicast group connected over an insecure network, comprising:
  a network interface;
  a processor coupled to the network interface and receiving information from the network interface;
  a computer-readable medium accessible by the processor and comprising one or more sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
    computing a first shared secret key for establishing a first multicast group that includes a set of one or more first members;
    generating a first multicast group exchange key based on the first shared secret key;
    receiving a first user exchange key from a first user requesting entry into the first multicast group;
    computing a second secret key k1 based on the first user exchange key and the first shared secret key according to the relation $k1 = ({Y'}^{k} \bmod (n))$, wherein Y' represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k;
    sending the first multicast group exchange key to the first user, wherein the first multicast group exchange key allows the first user to generate the second shared secret key; and
    establishing a second multicast group whose members include the first user and the set of one or more first members of the first multicast group, wherein the second shared secret key provides a first secure channel for communicating between members of the second multicast group over the insecure network.

20. (Original) The network device as recited in Claim 19, wherein the step of computing a first shared secret key includes the steps of:
  selecting a private non-zero random integer "x";
  selecting a public non-zero integer "g";
  selecting a public prime integer "n"; and
  computing the first shared secret key "k" according to the relation $k = (g^{x} \bmod (n))$.

21. (Original) The network device as recited in Claim 20, wherein the step of generating a first multicast group exchange key includes the step computing the first multicast group exchange key K' according to the relation $K' = (g^{k} \bmod (n))$.

22. (Original) The network device as recited in Claim 20, wherein
  the step of receiving a first user exchange key includes the step of receiving a first user exchange key value Y' computed according to the relation $Y' = (g^{y} \bmod (n))$, wherein "y" is a private non-zero random integer selected by the first user; and
  the step of computing a second secret key includes the step computing the second secret key "k1" according to the relation $k1 = ({Y'}^{k} \bmod (n))$.

23. (Previously presented) The network device as recited in Claim 20, wherein the step of sending the first multicast group exchange key to the first user further comprises the first user computing the second secret key "k1" according to the relation $k1 = ({K'}^{y} \bmod (n))$,
  wherein "y" is a private non-zero random integer selected by the first user; and
  wherein K' is the first multicast group exchange key.

24. (Original) The network device as recited in Claim 19, wherein:
  the step of receiving a first user exchange key from a first user comprises the step of verifying that the first user should be allowed entry into the first multicast group; and
  providing the first user with the first multicast exchange key only after the first user is verified for entry into the first multicast group.

25. (Original) The network device as recited in Claim 19, further comprising instructions for performing the steps of:
  generating a second multicast group exchange key based on the second shared secret key;
  receiving a second user exchange key from a second user requesting entry into the second multicast group;
  computing a third secret key based on the second user exchange key and the second shared secret key;
  sending the second multicast group exchange key to the second user, wherein the second multicast group exchange key allows the second user to generate the third shared secret key; and
  establishing a third multicast group whose members include the second user and the members of the second multicast group, wherein the third shared secret key provides a second secure channel for communicating between members of the third multicast group over the insecure network.

26. (Original) The network device as recited in Claim 20, further comprising instructions for performing the steps of:
  determining that a first departing member has left the second multicast group;
  selecting a private multicast group non-zero random integer;
  generating a second multicast group exchange key based on the private multicast group non-zero random integer, the public non-zero integer "g" and the public prime integer "n";
  broadcasting the second multicast group exchange key to each remaining member of the second multicast group;
  in response to receiving the second multicast group exchange key, each remaining member computing a third secret key based on the second multicast group exchange key and the second shared secret key; and
  establishing a third multicast group whose members include only remaining members of the second multicast group, wherein the third shared secret key provides a second secure channel for communicating between members of the third multicast group over the insecure network.

27. (Previously presented) The network device as recited in Claim 19, wherein the step of establishing a second multicast group requires a total of approximately N+1 messages for providing the first secure channel for communicating between members of the second multicast group over the insecure network, wherein N is a number of members of the first multicast group.

28. (Original) A network device configured for communicating through a secure channel between members of a dynamically changing multicast group connected over an insecure network, comprising:
  means for computing a first shared secret key for establishing a first multicast group that includes a set of one or more first members;
  means for generating a first multicast group exchange key based on the first shared secret key;
  means for receiving a first user exchange key from a first user requesting entry into the first multicast group;
  means for computing a second secret key k1 based on the first user exchange key and the first shared secret key according to the relation $k1 = ({Y'}^{k} \bmod (n))$, wherein Y' represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k;
  means for sending the first multicast group exchange key to the first user, wherein the first multicast group exchange key allows the first user to generate the second shared secret key; and
  means for establishing a second multicast group whose members include the first user and the set of one or more first members of the first multicast group, wherein the second shared secret key provides a first secure channel for communicating between members of the second multicast group over the insecure network.

29. (Original) A method for generating a shared secret key for use by a first member, a second member, and a third member who joins the first member and the second member for secure communication as a multicast group over an insecure network, the method comprising the computer-implemented steps of:
  generating a first multicast group exchange key K' based on a first shared secret key "k" that is used by a first multicast group that includes the first member and the second member, wherein $k = (g^{x} \bmod (n))$, "x" is a private non-zero random integer, "g" is a public non-zero integer, and "n" is a pre-determined public prime integer, and wherein $K' = (g^{k} \bmod (n))$;
  receiving a first user exchange key from the third member as part of a request by the third member to enter the first multicast group;
  sending the first multicast group exchange key to the first member, wherein the first multicast group exchange key allows the first member to generate a second secret key k1 based on the first user exchange key and the first shared secret key according to the relation $k1 = ({Y'}^{k} \bmod (n))$, wherein Y' represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k; and
  establishing secure communication in a second multicast group whose members include the first member, the second member and the third member, and based on the second shared secret key.

30. (Original) The method as recited in Claim 29, wherein
  the step of receiving a first user exchange key includes the step of receiving a first user exchange key value Y' computed according to the relation $Y' = (g^{y} \bmod (n))$, wherein "y" is a private non-zero random integer selected by the first member; and
  the step of computing a second secret key includes the step computing the second secret key "k1" according to the relation $k1 = ({Y'}^{k} \bmod (n))$.

31. (Original) The method as recited in Claim 29, wherein the step of sending the first multicast group exchange key to the first member further comprises the first member computing the second secret key "k1" according to the relation $k1 = ({K'}^{y} \bmod (n))$.

32. (Original) The method as recited in Claim 29, wherein the step of receiving a first user exchange key from a first member comprises the step of providing the first user with the first multicast exchange key only after verifying that the first user is allowed to enter the first multicast group.

33. (Original) The method as recited in Claim 29, further comprising the steps of:
  determining that a first departing member has left the second multicast group;
  selecting a private multicast group non-zero random integer;
  generating a second multicast group exchange key based on the private multicast group non-zero random integer, the public non-zero integer "g" and the public prime integer "n";
  broadcasting the second multicast group exchange key to each remaining member of the second multicast group;
  in response to receiving the second multicast group exchange key, each remaining member computing a third secret key based on the second multicast group exchange key and the second shared secret key; and
  establishing a third multicast group whose members include only remaining members of the second multicast group, wherein the third shared secret key provides a second secure channel for communicating between members of the third multicast group over the insecure network.

34. (Previously presented) The method as recited in Claim 1, wherein:
  the first user exchange key is received by a particular first member of the set of one or more first members;
  further comprising the step of the particular first member sending the first user exchange key to the other first members of the set of one or more first members; and
  wherein each first member of the set of one or more first members computes the second secret key k1 based on the first user exchange key and the first shared secret key according to the relation $k1 = ({Y'}^{k} \bmod (n))$, wherein Y' represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k.

35. (Previously presented) The method as recited in Claim 1, wherein:
  the first user exchange key is received by a particular first member of the set of one or more first members;
  the other first members of the set of one or more first members receive the first user exchange key from the first user; and
  each first member of the set of one or more first members computes the second secret key k1 based on the first user exchange key and the first shared secret key according to the relation $k1 = ({Y'}^{k} \bmod (n))$, wherein Y' represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k.

36. (Previously presented) The method as recited in Claim 1, wherein:
  the set of one or more first members is a set of one or more first workstations; and
  the first user is a second workstation.

37. (Previously presented) The computer-readable medium as recited in Claim 10, wherein:
  the first user exchange key is received by a particular first member of the set of one or more first members;
  further comprising instructions for performing the step of the particular first member sending the first user exchange key to the other first members of the set of one or more first members; and
  wherein each first member of the set of one or more first members computes the second secret key k1 based on the first user exchange key and the first shared secret key according to the relation $k1 = ({Y'}^{k} \bmod (n))$, wherein Y' represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k.



38. (Previously presented) The computer-readable medium as recited in Claim 10, wherein:
  the first user exchange key is received by a particular first member of the set of one or more first members;
  the other first members of the set of one or more first members receive the first user exchange key from the first user; and
  each first member of the set of one or more first members computes the second secret key k1 based on the first user exchange key and the first shared secret key according to the relation $k1 = ({Y'}^{k} \bmod (n))$, wherein Y' represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k.

39. (Previously presented) The computer-readable medium as recited in Claim 10, wherein:
  the set of one or more first members is a set of one or more first workstations; and
  the first user is a second workstation.

40. (Previously presented) The network device as recited in Claim 19, wherein:
  the first user exchange key is received by a particular first member of the set of one or more first members;
  the computer-readable medium further comprises instructions for performing the step of the particular first member sending the first user exchange key to the other first members of the set of one or more first members; and
  wherein each first member of the set of one or more first members computes the second secret key k1 based on the first user exchange key and the first shared secret key according to the relation $k1 = ({Y'}^{k} \bmod (n))$, wherein Y' represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k.

41. (Previously presented) The network device as recited in Claim 19, wherein:
  the first user exchange key is received by a particular first member of the set of one or more first members;
  the other first members of the set of one or more first members receive the first user exchange key from the first user; and
  each first member of the set of one or more first members computes the second secret key k1 based on the first user exchange key and the first shared secret key according to the relation $k1 = ({Y'}^{k} \bmod (n))$, wherein Y' represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k.

42. (Previously presented) The network device as recited in Claim 19, wherein:
  the set of one or more first members is a set of one or more first workstations; and
  the first user is a second workstation.

43. (Previously presented) The network device as recited in Claim 28, wherein the means for computing a first shared secret key includes:
  means for selecting a private non-zero random integer "x";
  means for selecting a public non-zero integer "g";
  means for selecting a public prime integer "n"; and
  means for computing the first shared secret key "k" according to the relation $k = (g^{x} \bmod (n))$.

44. (Previously presented) The network device as recited in Claim 43, wherein the means for generating a first multicast group exchange key includes means for computing the first multicast group exchange key K' according to the relation $K' = (g^{k} \bmod (n))$.

45. (Previously presented) The network device as recited in Claim 43, wherein
  the means for receiving a first user exchange key includes means for receiving a first user exchange key value Y' computed according to the relation $Y' = (g^{y} \bmod (n))$, wherein "y" is a private non-zero random integer selected by the first user; and
  the means for computing a second secret key includes means for computing the second secret key "k1" according to the relation $k1 = ({Y'}^{k} \bmod (n))$.

46. (Previously presented) The network device as recited in Claim 43, wherein the means for sending the first multicast group exchange key to the first user further comprises means for the first user computing the second secret key "k1" according to the relation $k1 = ({K'}^{y} \bmod (n))$,
  wherein "y" is a private non-zero random integer selected by the first user; and
  wherein K' is the first multicast group exchange key.

1 47. (Previously presented) The network device as recited in Claim 28, wherein:

2 the means for receiving a first user exchange key from a first user comprises means 

3 for verifying that the first user should be allowed entry into the first multicast 

4 group; and 

5 means for providing the first user with the first multicast exchange key only after the 

6 first user is verified for entry into the first multicast group. 

1 48. (Previously presented) The network device as recited in Claim 28, further

2 comprising: 

3 means for generating a second multicast group exchange key based on the second 

4 shared secret key; 

5 means for receiving a second user exchange key from a second user requesting entry 

6 into the second multicast group; 

7 means for computing a third secret key based on the second user exchange key and 

8 the second shared secret key; 

9 means for sending the second multicast group exchange key to the second user, 

10 wherein the second multicast group exchange key allows the second user to

11 generate the third shared secret key; and

12 means for establishing a third multicast group whose members include the second

13 user and the members of the second multicast group, wherein the third shared

14 secret key provides a second secure channel for communicating between

15 members of the third multicast group over the insecure network.

1 49. (Previously presented) The network device as recited in Claim 43, further 

2 comprising: 

3 means for determining that a first departing member has left the second multicast 

4 group; 

5 means for selecting a private multicast group non-zero random integer; 

6 means for generating a second multicast group exchange key based on the private 

7 multicast group non-zero random integer, the public non-zero integer "g" and 

8 the public prime integer "n";

9 means for broadcasting the second multicast group exchange key to each remaining 
10 member of the second multicast group; 

11 means for, in response to receiving the second multicast group exchange key, each

12 remaining member computing a third secret key based on the second multicast 

13 group exchange key and the second shared secret key; and 
14 means for establishing a third multicast group whose members include only remaining

15 members of the second multicast group, wherein the third shared secret key

16 provides a second secure channel for communicating between members of the

17 third multicast group over the insecure network.

1 50. (Previously presented) The network device as recited in Claim 28, wherein the means 



2 for establishing a second multicast group requires a total of approximately N+1

3 messages for providing the first secure channel for communicating between members 

4 of the second multicast group over the insecure network, wherein N is a number of 

5 members of the first multicast group. 

1 51. (Previously presented) The network device as recited in Claim 28, wherein:

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

4 further comprising means for the particular first member sending the first user 

5 exchange key to the other first members of the set of one or more first

6 members; and 

7 wherein each first member of the set of one or more first members computes the 

8 second secret key k1 based on the first user exchange key and the first shared

9 secret key according to the relation k1 = (Y'^k mod (n)), wherein Y' represents

10 the first user exchange key, k represents the first shared secret key, and n is a

11 prime number selected by the members of the multicast group and previously

12 used to generate the first shared secret key k.

1 52. (Previously presented) The network device as recited in Claim 28, wherein:

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

4 the other first members of the set of one or more first members receive the first user 

5 exchange key from the first user; and 




Docket No. 50325-0127 (2380) 




Application of Srinath GUNDAVELLI, et al., Ser. No. 09/608,831, Filed June 30, 2000
Proposed Amendment 

6 each first member of the set of one or more first members computes the second secret 

7 key k1 based on the first user exchange key and the first shared secret key

8 according to the relation k1 = (Y'^k mod (n)), wherein Y' represents the first

9 user exchange key, k represents the first shared secret key, and n is a prime

10 number selected by the members of the multicast group and previously used to

11 generate the first shared secret key k.

1 53. (Previously presented) The network device as recited in Claim 28, wherein:

2 the set of one or more first members is a set of one or more first workstations; and 

3 the first user is a second workstation.
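
The join exchange recited in Claims 43 to 46 and the message total of Claim 50, worked through as an added Python example that is not part of the filing. The 127-bit toy prime, g = 3, the range check on received exchange keys, the class and function names, and the way messages are counted (forwarding as in Claim 51) are assumptions made for illustration.

```python
import secrets

# Toy public parameters (assumed for this demo): a 127-bit Mersenne prime.
# A real deployment would use a vetted group of at least 2048 bits.
N_PRIME = 2**127 - 1   # public prime "n"
G = 3                  # public non-zero integer "g"

def private_int(n=N_PRIME):
    """Private non-zero random integer in [2, n-2] ("x" or "y")."""
    return 2 + secrets.randbelow(n - 3)

def exchange_key(secret, n=N_PRIME):
    """g^secret mod n: K' when secret is k, Y' when secret is y."""
    return pow(G, secret, n)

def check_exchange_key(value, n=N_PRIME):
    """Added hardening, not in the claims: reject values outside (1, n-1)."""
    if not 1 < value < n - 1:
        raise ValueError("exchange key out of range")
    return value

class Group:
    def __init__(self, size):
        self.size = size                      # N current members
        self.k = exchange_key(private_int())  # k = g^x mod n
        self.messages = 0

    def join(self, y_pub):
        """Rekey every member for one joiner and return K' for that joiner."""
        check_exchange_key(y_pub)
        k_pub = exchange_key(self.k)          # K' = g^k mod n
        self.k = pow(y_pub, self.k, N_PRIME)  # k1 = Y'^k mod n
        # Assumed accounting: Y' to one member, forwarded to the other
        # N-1 members, then K' back to the joiner.
        self.messages += 1 + (self.size - 1) + 1
        self.size += 1
        return k_pub

def joiner_key(k_pub, y, n=N_PRIME):
    """k1 = K'^y mod n, computed by the new user."""
    return pow(check_exchange_key(k_pub, n), y, n)

def demo(members=4):
    group = Group(members)
    y = private_int()
    k1_user = joiner_key(group.join(exchange_key(y)), y)
    return k1_user == group.k, group.messages
```

Both sides arrive at g^(k·y) mod n without k or y crossing the network, and a second call to `join` repeats the exchange with k1 in place of k, as in Claim 48.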